Just ran a full scan today and the result is that AVAST’s WebShield.txt, located in C:\ProgramData\AvastSoftware\Avast\report\WebShield.txt, is detected as JS:ScriptSH-inf [Trj].
What does this mean? How come Avast’s own software got infected while I have the application running and no notification ever shows up? Is it a false positive?
Contact: https://support.avast.com
If this is not an FP detection and you are really infested with such a trojan, use the following general cleansing routine.
Do an additional scan with MBAM
Another method to cleanse it from your device: Windows 10 / Windows 8
Push the Power button in the Windows start-up screen.
Now push Shift on the keyboard and keep pressed down, then click Restart.
Then select Troubleshoot → Advanced options → Startup Settings and finally push Restart.
As soon as your PC re-activates, select Enable Safe Mode through Command Prompt in the Startup Settings window.
When Command Prompt shows up, type CD restore and then press Enter.
Now type rstrui.exe and again press Enter.
In a new window click Next and choose a point of restore (date) that lies before the infection through JS:Script-inf[Trj].
Now again click Next.
Click Yes to start system restore.
Now again scan with MBAM (MalwareBytes) to see whether your system is free of this crypto-/ransomware trojan.
Info source: ESolutions
polonus
I ran a full system scan with Malwarebytes Premium and it returns with 0 detections. Does that mean it’s a false positive?
With the Avast full system scan it got detected though, so I’ve put the .txt file in quarantine as Avast suggested for now.
The .txt file would not be detected by Malwarebytes, as it does not target script/doc/media files.
Thanks, Pondus, for pointing that out.
Wait for a verdict by Avast, but it could well be a false positive find.
Haven’t we been there before? It could always be ‘in the game’ with so-called generic finds.
polonus